{
  "draft": "draft-ietf-anima-brski-ae-13",
  "doc_id": "RFC9733",
  "title": "BRSKI with Alternative Enrollment (BRSKI-AE)",
  "authors": [
    "D. von Oheimb, Ed.",
    "S. Fries",
    "H. Brockhaus"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "27",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Autonomic Networking Integrated Model and Approach",
  "abstract": "This document defines enhancements to the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol, known as BRSKI with Alternative Enrollment (BRSKI-AE).  BRSKI-AE extends BRSKI to support certificate enrollment mechanisms instead of the originally specified use of Enrollment over Secure Transport (EST).  It supports certificate enrollment protocols such as the Certificate Management Protocol (CMP) that use authenticated self-contained signed objects for certification messages, allowing for flexibility in network device onboarding scenarios.  The enhancements address use cases where the existing enrollment mechanism may not be feasible or optimal, providing a framework for integrating suitable alternative enrollment protocols.  This document also updates the BRSKI reference architecture to accommodate these alternative methods, ensuring secure and scalable deployment across a range of network environments.",
  "pub_date": "March 2025",
  "keywords": [
    "BRSKI",
    "IoT",
    "zero-touch onboarding",
    "alternative enrollment protocols",
    "CMP",
    "self-contained signed objects",
    "end-to-end proof of origin",
    "auditable source authentication"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9733",
  "errata_url": null
}